yujianwangzivayy / MaxKey (forked from MaxKey单点登录官方 (MaxKeyTop) / MaxKey; in sync with the fork source project)
Commit 173f5cdf, authored Jun 05, 2020 by MaxKey单点登录官方
OAuth2 Access Confirmation
Parent: fd2a054d
Showing 5 changed files with 119 additions and 65 deletions
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java (+3 -2)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java (+83 -54)
maxkey-web-maxkey/src/main/resources/messages/message.properties (+5 -0)
maxkey-web-maxkey/src/main/resources/messages/message_en.properties (+5 -0)
maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl (+23 -9)
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
...
@@ -40,12 +40,13 @@ public class AuthorizeBaseEndpoint {
...
@@ -40,12 +40,13 @@ public class AuthorizeBaseEndpoint {
Apps
app
=(
Apps
)
WebContext
.
getAttribute
(
AuthorizeBaseEndpoint
.
class
.
getName
());
Apps
app
=(
Apps
)
WebContext
.
getAttribute
(
AuthorizeBaseEndpoint
.
class
.
getName
());
//session中为空或者id不一致重新加载
//session中为空或者id不一致重新加载
if
(
app
==
null
||!
app
.
getId
().
equalsIgnoreCase
(
id
))
{
if
(
app
==
null
||!
app
.
getId
().
equalsIgnoreCase
(
id
))
{
app
=
appsService
.
get
(
id
);
app
=
appsService
.
get
(
id
);
WebContext
.
setAttribute
(
AuthorizeBaseEndpoint
.
class
.
getName
(),
app
);
}
}
if
(
app
==
null
){
if
(
app
==
null
){
_logger
.
error
(
"Applications for id "
+
id
+
" is null"
);
_logger
.
error
(
"Applications for id "
+
id
+
" is null"
);
}
}
WebContext
.
setAttribute
(
AuthorizeBaseEndpoint
.
class
.
getName
(),
app
);
return
app
;
return
app
;
}
}
...
...
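Review bot: In the reload branch, `WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app)` sits directly after `app=appsService.get(id)` and ahead of the `if(app == null)` check, so the result of a failed lookup is written to the session before it has been validated, and the method then only logs and still returns null. Move the null check up to right after the lookup, skip the session write in that case, and fail explicitly (throw, or return an error view) so callers never receive a null `Apps`. The session key is the class name, so one cached application is shared by every flow in the session; the `equalsIgnoreCase(id)` guard is the only thing keeping a stale entry from being returned, which deserves a short comment next to it.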
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
package
org.maxkey.authz.oauth2.provider.approval.controller
;
package
org.maxkey.authz.oauth2.provider.approval.controller
;
import
java.security.Principal
;
import
java.util.HashMap
;
import
java.util.HashMap
;
import
java.util.LinkedHashMap
;
import
java.util.LinkedHashMap
;
import
java.util.Map
;
import
java.util.Map
;
import
org.maxkey.authn.BasicAuthentication
;
import
org.maxkey.authn.BasicAuthentication
;
import
org.maxkey.authz.endpoint.AuthorizeBaseEndpoint
;
import
org.maxkey.authz.oauth2.common.util.OAuth2Utils
;
import
org.maxkey.authz.oauth2.common.util.OAuth2Utils
;
import
org.maxkey.authz.oauth2.provider.AuthorizationRequest
;
import
org.maxkey.authz.oauth2.provider.AuthorizationRequest
;
import
org.maxkey.authz.oauth2.provider.ClientDetailsService
;
import
org.maxkey.authz.oauth2.provider.ClientDetailsService
;
import
org.maxkey.authz.oauth2.provider.approval.Approval
;
import
org.maxkey.authz.oauth2.provider.approval.Approval
;
import
org.maxkey.authz.oauth2.provider.approval.ApprovalStore
;
import
org.maxkey.authz.oauth2.provider.approval.Approval.ApprovalStatus
;
import
org.maxkey.authz.oauth2.provider.approval.Approval.ApprovalStatus
;
import
org.maxkey.authz.oauth2.provider.approval.ApprovalStore
;
import
org.maxkey.dao.service.AppsService
;
import
org.maxkey.domain.apps.Apps
;
import
org.maxkey.domain.apps.oauth2.provider.ClientDetails
;
import
org.maxkey.domain.apps.oauth2.provider.ClientDetails
;
import
org.maxkey.web.WebContext
;
import
org.maxkey.web.WebContext
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
...
@@ -32,56 +33,84 @@ import org.springframework.web.servlet.ModelAndView;
...
@@ -32,56 +33,84 @@ import org.springframework.web.servlet.ModelAndView;
@SessionAttributes
(
"authorizationRequest"
)
@SessionAttributes
(
"authorizationRequest"
)
public
class
OAuth20AccessConfirmationController
{
public
class
OAuth20AccessConfirmationController
{
@Autowired
@Autowired
@Qualifier
(
"oauth20JdbcClientDetailsService"
)
@Qualifier
(
"appsService"
)
private
ClientDetailsService
clientDetailsService
;
protected
AppsService
appsService
;
@Autowired
@Autowired
@Qualifier
(
"oauth20ApprovalStore"
)
@Qualifier
(
"oauth20JdbcClientDetailsService"
)
private
ApprovalStore
approvalStore
;
private
ClientDetailsService
clientDetailsService
;
@Autowired
@Autowired
@Qualifier
(
"oauth20UserApprovalHandler"
)
@Qualifier
(
"oauth20ApprovalStore"
)
OAuth20UserApprovalHandler
oauth20UserApprovalHandler
;
private
ApprovalStore
approvalStore
;
@Autowired
@RequestMapping
(
"/oauth/v20/approval_confirm"
)
@Qualifier
(
"oauth20UserApprovalHandler"
)
public
ModelAndView
getAccessConfirmation
(
@RequestParam
Map
<
String
,
Object
>
model
)
throws
Exception
{
OAuth20UserApprovalHandler
oauth20UserApprovalHandler
;
model
.
remove
(
"authorizationRequest"
);
Map
<
String
,
String
>
modelRequest
=
new
HashMap
<
String
,
String
>();
/**
for
(
Object
key:
model
.
keySet
()){
* getAccessConfirmation.
modelRequest
.
put
(
key
.
toString
(),
model
.
get
(
key
).
toString
());
* @param model Map
}
* @return
String
principal
=((
BasicAuthentication
)
WebContext
.
getAuthentication
().
getPrincipal
()).
getUsername
();
* throws Exception
//Map<String, Object> model
*/
AuthorizationRequest
clientAuth
=
(
AuthorizationRequest
)
WebContext
.
getAttribute
(
"authorizationRequest"
);
@RequestMapping
(
"/oauth/v20/approval_confirm"
)
ClientDetails
client
=
clientDetailsService
.
loadClientByClientId
(
clientAuth
.
getClientId
());
public
ModelAndView
getAccessConfirmation
(
model
.
put
(
"auth_request"
,
clientAuth
);
@RequestParam
Map
<
String
,
Object
>
model
)
throws
Exception
{
model
.
put
(
"client"
,
client
);
model
.
remove
(
"authorizationRequest"
);
model
.
put
(
"oauth_version"
,
"oauth 2.0"
);
Map
<
String
,
String
>
modelRequest
=
new
HashMap
<
String
,
String
>();
Map
<
String
,
String
>
scopes
=
new
LinkedHashMap
<
String
,
String
>();
for
(
Object
key
:
model
.
keySet
())
{
for
(
String
scope
:
clientAuth
.
getScope
())
{
modelRequest
.
put
(
key
.
toString
(),
model
.
get
(
key
).
toString
());
scopes
.
put
(
OAuth2Utils
.
SCOPE_PREFIX
+
scope
,
"false"
);
}
}
// Map<String, Object> model
for
(
Approval
approval
:
approvalStore
.
getApprovals
(
principal
,
client
.
getClientId
()))
{
AuthorizationRequest
clientAuth
=
if
(
clientAuth
.
getScope
().
contains
(
approval
.
getScope
()))
{
(
AuthorizationRequest
)
WebContext
.
getAttribute
(
"authorizationRequest"
);
scopes
.
put
(
OAuth2Utils
.
SCOPE_PREFIX
+
approval
.
getScope
(),
ClientDetails
client
=
clientDetailsService
.
loadClientByClientId
(
clientAuth
.
getClientId
());
approval
.
getStatus
()
==
ApprovalStatus
.
APPROVED
?
"true"
:
"false"
);
Apps
app
=
(
Apps
)
WebContext
.
getAttribute
(
AuthorizeBaseEndpoint
.
class
.
getName
());
}
//session中为空或者id不一致重新加载
}
if
(
app
==
null
||
!
app
.
getId
().
equalsIgnoreCase
(
clientAuth
.
getClientId
()))
{
model
.
put
(
"scopes"
,
scopes
);
app
=
appsService
.
get
(
clientAuth
.
getClientId
());
WebContext
.
setAttribute
(
AuthorizeBaseEndpoint
.
class
.
getName
(),
app
);
ModelAndView
modelAndView
=
new
ModelAndView
(
"authorize/oauth_access_confirmation"
);
WebContext
.
setAttribute
(
app
.
getId
(),
app
.
getIcon
());
modelAndView
.
addObject
(
"model"
,
model
);
}
return
modelAndView
;
}
model
.
put
(
"auth_request"
,
clientAuth
);
model
.
put
(
"client"
,
client
);
model
.
put
(
"app"
,
app
);
model
.
put
(
"oauth_version"
,
"oauth 2.0"
);
Map
<
String
,
String
>
scopes
=
new
LinkedHashMap
<
String
,
String
>();
for
(
String
scope
:
clientAuth
.
getScope
())
{
scopes
.
put
(
OAuth2Utils
.
SCOPE_PREFIX
+
scope
,
"false"
);
}
String
principal
=
((
BasicAuthentication
)
WebContext
.
getAuthentication
().
getPrincipal
()).
getUsername
();
for
(
Approval
approval
:
approvalStore
.
getApprovals
(
principal
,
client
.
getClientId
()))
{
if
(
clientAuth
.
getScope
().
contains
(
approval
.
getScope
()))
{
scopes
.
put
(
OAuth2Utils
.
SCOPE_PREFIX
+
approval
.
getScope
(),
approval
.
getStatus
()
==
ApprovalStatus
.
APPROVED
?
"true"
:
"false"
);
}
}
model
.
put
(
"scopes"
,
scopes
);
ModelAndView
modelAndView
=
new
ModelAndView
(
"authorize/oauth_access_confirmation"
);
modelAndView
.
addObject
(
"model"
,
model
);
return
modelAndView
;
}
@RequestMapping
(
"/oauth/v20/error"
)
/**
public
String
handleError
(
Map
<
String
,
Object
>
model
)
throws
Exception
{
* handleError.
// We can add more stuff to the model here for JSP rendering. If the client was a machine then
* @param model Map
// the JSON will already have been rendered.
* @return
model
.
put
(
"message"
,
"There was a problem with the OAuth2 protocol"
);
* throws Exception
return
"oauth_error"
;
*/
}
@RequestMapping
(
"/oauth/v20/error"
)
public
String
handleError
(
Map
<
String
,
Object
>
model
)
throws
Exception
{
// We can add more stuff to the model here for JSP rendering. If the client was
// a machine then
// the JSON will already have been rendered.
model
.
put
(
"message"
,
"There was a problem with the OAuth2 protocol"
);
return
"oauth_error"
;
}
}
}
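Review bot: In `getAccessConfirmation`, the reload branch dereferences `app` right after `app = appsService.get(clientAuth.getClientId())` with no null check: `WebContext.setAttribute(app.getId(), app.getIcon())` throws a NullPointerException when no application matches the client id, a case the same lookup in `AuthorizeBaseEndpoint` at least logs. `clientAuth` has the same problem one step earlier, since it is read from the session attribute `authorizationRequest` and used immediately, so a direct request to `/oauth/v20/approval_confirm` with no pending authorization request in the session fails the same way. Check both for null and return an explicit error before building the model. The lookup-and-cache block also duplicates the one in `AuthorizeBaseEndpoint`; a shared helper would keep the two from drifting apart. `modelRequest` is filled from the request parameters but never read in this method, so it can be removed.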
maxkey-web-maxkey/src/main/resources/messages/message.properties
...
@@ -180,6 +180,11 @@ apps.protocol=\u8BBF\u95EE\u534F\u8BAE
...
@@ -180,6 +180,11 @@ apps.protocol=\u8BBF\u95EE\u534F\u8BAE
apps.category
=
\u
7C7B
\u
578B
apps.category
=
\u
7C7B
\u
578B
apps.account
=
\u
8D26
\u
53F7
apps.account
=
\u
8D26
\u
53F7
apps.oauth.approval.title
=
OAuth
\u6388\u6743\u
8BF7
\u
6C42
apps.oauth.approval.info
=
\u
6B64
\u
7B2C
\u
4E09
\u
65B9
\u
5E94
\u7528\u
8BF7
\u
6C42
\u
83B7
\u
5F97
\u
4EE5
\u
4E0B
\u6743\u9650
:
apps.oauth.approval.context
=
\u
8BBF
\u
95EE
\u
4F60
\u7684\u
4E2A
\u
4EBA
\u
4FE1
\u
606F
apps.oauth.approval.authorize
=
\u
540C
\u
610F
\u6388\u6743
button.text.action
=
\u
8BBF
\u
95EE
button.text.action
=
\u
8BBF
\u
95EE
button.text.visit
=
\u
8BBF
\u
95EE
button.text.visit
=
\u
8BBF
\u
95EE
button.text.save
=
\u
4FDD
\u
5B58
button.text.save
=
\u
4FDD
\u
5B58
...
...
maxkey-web-maxkey/src/main/resources/messages/message_en.properties
...
@@ -179,6 +179,11 @@ apps.protocol=protocol
...
@@ -179,6 +179,11 @@ apps.protocol=protocol
apps.category
=
category
apps.category
=
category
apps.account
=
account
apps.account
=
account
apps.oauth.approval.title
=
OAuth Authorize Confirm
apps.oauth.approval.info
=
This third-party app request has the following permissions:
apps.oauth.approval.context
=
Access your personal information
apps.oauth.approval.authorize
=
Authorize
button.text.action
=
Action
button.text.action
=
Action
button.text.visit
=
Visit
button.text.visit
=
Visit
button.text.save
=
Save
button.text.save
=
Save
...
...
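Review bot: The wording of `apps.oauth.approval.info` is misleading for a consent prompt: "This third-party app request has the following permissions:" reads as if the permissions are already held. Something like "This third-party app is requesting the following permissions:" matches what the user is being asked to approve. `apps.oauth.approval.context` is a single fixed description ("Access your personal information"), so it cannot describe clients that request different scopes; per-scope message keys would let the prompt reflect the actual request.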
maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
...
@@ -11,17 +11,31 @@
...
@@ -11,17 +11,31 @@
</div>
</div>
<div
class=
"container"
>
<div
class=
"container"
>
<
#if
'
oauth
2.0'==
model.oauth_version
>
<
#if
'
oauth
2.0'==
model.oauth_version
>
<!-- oauth 2.0 -->
<!-- oauth 2.0 -->
<h2>
Please Confirm OAuth 2.0
</h2>
<table
class=
"table table-bordered"
>
<tr>
<p>
You hereby authorize "${model.client.clientId!}" to access your protected resources.
</p>
<th
colspan=
'2'
><
@
locale
code=
"apps.oauth.approval.title"
/></th>
</tr>
<tr>
<td><img
src=
"<@base/>/image/${model.app.id}"
title=
"${model.app.name}"
width=
"65px"
height=
"65px"
style=
"border:0;"
/></td>
<td>
<b>
${model.app.name!}
</b><br/>
<
@
locale
code=
"apps.oauth.approval.info"
/>
</td>
</tr>
<tr>
<td></td>
<td>
<span
class=
"checkboxspan icon_checkbox_selected"
></span>
<
@
locale
code=
"apps.oauth.approval.context"
/>
</td>
</tr>
</table>
<!--<p>You hereby authorize "${model.client.clientId!}" to access your protected resources.</p>-->
<form
id=
"confirmationForm"
name=
"confirmationForm"
action=
"<@base/>/oauth/v20/authorize"
method=
"post"
>
<form
id=
"confirmationForm"
name=
"confirmationForm"
action=
"<@base/>/oauth/v20/authorize"
method=
"post"
>
<input
name=
"user_oauth_approval"
value=
"true"
type=
"hidden"
/>
<input
name=
"user_oauth_approval"
value=
"true"
type=
"hidden"
/>
<label><input
class=
"button btn btn-primary mr-3"
name=
"authorize"
value=
'<@locale code="apps.oauth.approval.authorize"/>'
type=
"submit"
/></label>
<ul>
</ul>
<label><input
name=
"authorize"
value=
"Authorize"
type=
"submit"
/></label>
</form>
</form>
</
#
if>
</
#
if>
</div>
</div>
...
...
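Review bot: The permission row in the new table is static: it always renders the selected-checkbox icon and the fixed `apps.oauth.approval.context` text, while the `scopes` map that the controller puts into the model is never iterated, so the user approves without seeing which scopes the client requested. Render one row per entry of `model.scopes` instead. In the `<img>` tag, `${model.app.id}` and `title="${model.app.name}"` lack the `!` default that `${model.app.name!}` uses in the next cell, so a missing value raises a template error rather than rendering empty; the hunk also does not show whether output escaping is enabled for this template, so confirm the application name is escaped when it lands inside the attribute. The form still offers only an Authorize button with a hidden `user_oauth_approval` set to `true`; a Deny action would complete the confirmation step.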